New SANS CTI Survey Shows the Impact of COVID-19 on Cyber Threat Intel

In a field that changes as rapidly as cyber threat intelligence (CTI), keeping up with the latest trends is important for all professionals who could be impacted by them. It’s not just a matter of keeping track of the latest technologies, but also one of understanding changes in the threat landscape and the ways businesses and organizations approach CTI. And while the field is always a dynamic one, in the past year it has seen some especially sudden changes as an indirect result of the coronavirus outbreak.

To give professionals working in CTI and adjacent fields a data-driven look at the past year’s industry-wide trends, we at Cybersixgill recently sponsored the 2021 SANS Cyber Threat Intelligence (CTI) Survey. We are happy to announce that the report is now live, and you can download it from Cybersixgill’s website

The latest edition of the annual survey gathered responses from professionals serving in cybersecurity-related roles in businesses and organizations of various sizes around the world, asking about various aspects of CTI within their workplaces. The results provide valuable insights into the ways CTI professionals work, their intel sources, their analytical tools, their ways of disseminating their findings, and much more.

How did this year’s results differ from last year’s?

It seems that a significant portion of the changes as compared to last year’s results appeared due to the coronavirus outbreak. For example, anecdotal responses highlighted in the report showed that COVID-19 has affected the cyber threats that organizations face, due to the increases in employees working from home and a variety of coronavirus-driven cybercrimes. And while respondents said they utilize various methods of conveying their findings within their companies, their use of briefings in this regard has dropped significantly since last year’s survey as remote work has become more common.

Other differences between this year’s survey and last year’s point to the growing use of automation and the ongoing maturation of the field of CTI. With automation continuing to play an increasingly prominent role in threat analysis, this year 65% of respondents expressed satisfaction with their companies’ level of “automation and integration of CTI information with detection and response systems” – a 3% increase since last year. And, although a majority (54%) of respondents to this year’s survey cited a lack of trained employees as a factor holding back their organizations’ implementation of CTI, this figure reflected a 3% decrease since last year.

Sixgill _ Images - SANS Survey - 1.1

One other key difference as compared to last year's report is that the latest survey found a far wider use of CTI gathered from “external sources such as media reports and news.” A whopping 77% of respondents said they considered these sources part of their intelligence gathering – a higher figure than for any other type of information source, and 14% higher than in last year’s survey. 

What other topics did the survey explore?

Beyond these findings, the survey asked respondents about a wide variety of aspects of their jobs and the ways their organizations handle cyber threat intelligence. In the report, you will find useful insights based on the responses collected. 

The key questions explored in the survey include:

  • How common is it for organizations to rely on a dedicated CTI team, a single dedicated CTI professional, or a system of sharing CTI responsibilities with other security teams?
  • How do organizations utilize their CTI findings?
  • How common is it for organizations to have formally defined intelligence requirements, and who typically takes part in shaping these requirements?
  • Which types of information sources do organizations turn to in order to gather CTI?
  • What types of tools do organizations rely on to support their CTI efforts?
  • What steps do organizations take to process their CTI so as to make it more usable?
  • Which types of tools and formats do organizations use to disseminate and utilize their CTI findings?
  • To what extent do organizations integrate their CTI with their defense and response systems?
  • How satisfied are relevant professionals with their organizations’ use of CTI?
  • How do organizations evaluate the effectiveness of their CTI?
  • How do information sharing and analysis centers (ISACs) contribute to organizations’ CTI?

As we approach the one-year mark since COVID-19 became a truly global phenomenon with wide-ranging implications, it is hard to deny its impact on cyber threat intelligence. Now, the 2021 SANS Cyber Threat Intelligence (CTI) Survey helps us gauge the extent of that impact on various aspects of CTI within organizations around the world. Download the report today (at no charge) to get a clearer picture of the current state of cyber threat intelligence, its trajectory, and other useful insights from CTI specialists and professionals in related fields.

Get your copy